DETAILED ACTION

This action is in response to the communication filed on 1/8/07.

All objections and rejections not set forth below have been withdrawn.

Claims 1-20 are pending.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/31/07 has been entered.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 1-20 are rejected under 35 U.S.C. 102(b) as being anticipated by Boden et al. (Boden), "System and Method for Managing Security Objects", U.S. Patent 6,330,562 in view of Shapira et al. (Shapira), "Virtual Private Network Mechanism Incorporating Security Association Processor", U.S. Patent 7,107,464.

Regarding claim 1, Boden discloses:

providing a plurality of security policies to be applied to traffic at least one of to or from a host (7:51-58), wherein each security policy includes an application instance identifier associated with a security service (15:37-38; 4:17-22; fig. 3b:36; fig. 3d:58), at least two application instance identifiers being associated with different security services that operate according to different protocols at different layers of a multi-layered protocol stack (8:29-38; 54-67 - Boden discloses a plurality of security services associated with key management and data management. The security services operating according to different protocols at different layers [ex. IKE vs. ESP, AH]).

and creating a plurality of security associations, at least two security associations being created based upon respective different security services (2:3-8) associated with at least one application instance identifier to thereby create a centralized key store including the plurality of security policies and security associations (figs. 3-3d; 3:23-36).

Boden discloses a security database utilized to provide security services. However, Boden does not appear to explicitly recite that at least one of the security associations being created according to a key management protocol that differs from the protocols according to which the security services operate.

Shapira also discloses a security database utilized to provide security services (Shapira, 2:47-59; 6:66-7:10). Shapira teaches the method of security associations being created according to a key management protocol that differs from the protocols according to which the security services operate (Shapira, 15:54-63, ssl vs. esp).

It would have been obvious to one of ordinary skill in the art to employ the methods of Shapira within the system of Boden. This would have been obvious because one of ordinary skill in the art would have been motivated by the advantages of a more useful system (i.e. the ability to provision more security services).

Regarding claims 6 and 11, they are rejected, at least, for the same reasons as claim 1, and because the combination further discloses:

a first security gateway configured for providing a plurality of security policies (fig. 1:18,19)... wherein the first security gateway is configured for applying a security service associated with an identified application instance identifier (4:17-22) to at least one packet of data to thereby transform the at least one packet of data (fig. 3:80), wherein the first security gateway is configured for applying the security service to the at least one packet based upon at least one security policy and at least one security association (fig. 1; 3:60-4:4; 6:13-31); and a second security gateway configured for applying the security service associated with the identified application instance identifier to the at least one transformed packet of data to thereby generate a representation of the at least one packet of data (fig. 1; 3:60-4:4; 6:13-31);

wherein the processor is configured to relay the at least one transformed packet (fig. 1:213; 3:60-4:4).



Regarding claims 2, 3, 9, 12, and 14, the combination further discloses a system comprising sending and receiving gateways. Each gateway further comprises a key management policy and a data management policy. Each of the specified policies provides for associated security services (3:60-4:22). Both the sending and receiving gateways receive and transmit packets which are transformed upon transmission or reception according to the identified application of security services between nodes (3:1-20; 3:60-4:16; fig. 1).

Regarding claims 4, 8, and 13, the combination further discloses:

at least one security policy further including at least one selector field having at least one selector value in a format common to a plurality of security service protocols, and wherein applying the security service comprises applying the security service further based upon the at least one security policy including the at least one selector value (11:table 1; figs. 3-3d; 13:1-50; 13:62-14:25). Boden discloses a security policy having common selector fields utilized to provide security services in accordance with the protocols defined by the policy.



Regarding claim 7, it is rejected, at least, for the same reasons as claims 1 and 6.

Regarding claims 5, 10, and 15, the combination further discloses creating at least one security association according to an Internet Key Exchange (IKE) technique (3:60-4:16).

Regarding claims 16-20, they are the features and limitations of the above rejected claims embodied as computer instructions upon a medium. Thus, they are rejected, at least, for the same reasons as the above rejected claims, and further because the combination discloses a computer program product for creating and maintaining a centralized key store (15:62-16:6).



Response to Arguments

Applicant's arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

See Notice of References Cited

A shortened statutory period for reply is set to expire 3 months (not less than 90 days) from the mailing date of this communication.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffery Williams whose telephone number is (571) 272-7965. The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is (703) 872-9306.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

NASSER MOAZZAMI 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



J. Williams

AU2137



